How to take a packet trace with LANalyzer for Windows
(Last modified: 16Sep2003)
This document (10084781) is provided subject to the disclaimer at the end of this document.
goal
How to take a packet trace with LANalyzer for Windows
fact
LANalyzer for Windows
fix
Below is step by step information about how to use LANalyzer.
To get LANalyzer go to http://support.novell.com/, and download LZFWLF.EXE. (Note: This is a limited version. It can be used to perform captures but it will only display 4 devices on the dashboard and no decodes)
The full product is available from your Novell Reseller.
LANalyzer for Windows can be installed on Windows 95/98 and Windows NT/2000. It can trace any node on the network, however, captures cannot be run from an NT, XP, or Windows 2000 machine. The machine running LANalyzer must have the Novell NetWare Client with IPX support (IPX required for LANalyzer to install properly, but it can trace any protocol). The network adapter in the machine running LANalyzer will need to be able to support promiscuous mode.
The steps for taking a trace with LANalyzer for Windows:
1. Install LANalyzer on Windows 95/98
a. Create a directory to expand the file in
b. Download the file into that directory, or copy it to that directory
c. Run LZFWLF, it will self-extract the files for installing the program.
d. Run Setup
2. Launch LANalyzer
3. Increase the Packet Buffer size.
Select "Options" under the "Capture" menu. The default is 256K. Set the buffer to at least 4096. After taking the trace, the size of the file should usually be less than the size of the buffer. While taking the trace watch the dial on the upper right hand side of the dashboard. When that fills up with green then it has started to overwrite the beginning of the trace and you may need to increase the buffer size and start the trace again.
4. Select the machines you want to monitor in your trace.
Select "Filter..." under the "Capture" menu. You will want to verify with the engineer how the filter should be set. (See additional notes below) Typically you will not want to capture all LAN traffic. In most cases you will manually enter the 12 digit MAC address of a workstation and capture all traffic going to and from that workstation (arrow going both ways). Generally it is good to set up LANalyzer on a separate workstation so that running LANalyzer does not affect the trace (especially when you are tracing a performance issue). The two machines have to be in the same collision domain. You can do this by mirroring the ports on the switch, or by plugging them both into a dumb 4-port hub, and then plug the hub into the switch.
NOTE: To get the mac address of the card, you can use winipcfg on 95/98, or ipconfig /all from a CMD prompt on NT/2000/XP. Do not select any protocols, it captures all protocols by default. Then click on OK.
5. Start the Trace.
Press the 'Start' button from the Dashboard window to start the trace. Then create the problem you are trying to capture.
6. Stop and Save the Trace.
After the error has happened, select the 'Stop' button, then select 'View' (Ctrl-B). While viewing the Capture Buffer, select File, 'Save Unfiltered Packets' (Ctrl-U) and type a file name (with the default .tr1 extension). If you see less than 100 packets, and the destination is always FFFFFFFF (IPX) or always ends with .255 (IP), then all we have is broadcast packets, and this is not a good trace. Double check that you have the Mac address entered correctly. You will need to mirror the ports on the switch, or plug the workstations into a hub that has no intelligence to prevent one workstation from seeing the packets destined for the other.
7. Send the file to Tech Support
If it is larger than 5mg, we prefer that you zip the files that you upload, using the <incident number>.zip as a naming convention, i.e. 1234567.zip. You can include a readme.txt if there is any information you would like to include with the trace. Upload the file to ftp.novell.com/incoming. Once the file has been uploaded please notify your technician that it is there by updating the incident on the web at https://secure-support.novell.com/elecinc/eiLogin.jsp.
More information on LANalyzer is available in TID 2933929.
document
| Document Title: | How to take a packet trace with LANalyzer for Windows |
| Document ID: | 10084781 |
| Solution ID: | NOVL90732 |
| Creation Date: | 07Jul2003 |
| Modified Date: | 16Sep2003 |
| Novell Product Class: | NetWare |
disclaimer
The Origin of this information may be internal or external to Novell. Novell makes all reasonable efforts to verify this information. However, the information provided in this document is for your information only. Novell makes no explicit or implied claims to the validity of this information.
Any trademarks referenced in this document are the property of their respective owners. Consult your product manuals for complete trademark information.